the greenplum parameter "gp_reject_internal_tcp

kawe jack

unread,

Mar 9, 2017, 7:00:37 AM3/9/17

to Greenplum Users

Hello,everyone:

i have encountered a bug of greenplum recently.When i execute a inspective query, the response is "ERROR: failed to acquire resources on one or more segments".Under the help of google,it seems that the key point is the parameter ——gp_reject_internal_tcp_connection.However,i can't find any detail information about this parameter.

The bug i encountered is similar to this(https://discuss.pivotal.io/hc/en-us/articles/220670047--Failed-to-acquire-resources-on-one-or-more-segments-error-message-seen-in-Pivotal-Greenplum).

Could anyone can tell more about this parameter?Shall we set this parameter off in the production environment?

Regards,

kawe

Luis Macedo

unread,

Mar 9, 2017, 8:58:41 AM3/9/17

to kawe jack, Greenplum Users

Hummm... this parameter is not documented...

Can't find much code either...

Luis Macedo | Sr Platform Architect | Pivotal Inc

Mobile: +55 11 97616-6438

Pivotal.io

Take care of the customers and the rest takes care of itself

--
You received this message because you are subscribed to the Google Groups "Greenplum Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gpdb-users+unsubscribe@greenplum.org.
To post to this group, send email to gpdb-...@greenplum.org.
Visit this group at https://groups.google.com/a/greenplum.org/group/gpdb-users/.
For more options, visit https://groups.google.com/a/greenplum.org/d/optout.

Douglas Spadotto

unread,

Mar 9, 2017, 9:31:14 AM3/9/17

to kawe jack, Greenplum Users

Hi Kawe,

As Luis said, it seems this parameter is not on the documentation.

But the source code (/src/backend/libpq/auth.c) has some comments that can give more detail on the link you sent:

/*

 * Special client authentication for QD to QE connections. This is run at the

 * QE. This is non-trivial because a QE some times runs at the master (i.e., an

 * entry-DB for things like master only tables).

*/

static bool

internal_client_authentication(Port *port)
...

if (GpIdentity.segindex == MASTER_CONTENT_ID)
	{
		/* 
		 * The entry-DB (or QE at the master) case.
		 *
		 * The goal here is to block network connection from out of
		 * master to master db with magic bit packet.
		 * So, only when it comes from the same host, the connection
		 * is authenticated, if this connection is TCP/UDP. We
		 * don't assume the connection is via unix domain socket,
		 * but if it comes, just authenticate it. We'll need to
		 * verify user on UDS case, but for now we don't do too much
		 * for the goal described above.
		 */
		if(port->raddr.addr.ss_family == AF_INET
#ifdef HAVE_IPV6
				|| port->raddr.addr.ss_family == AF_INET6
#endif   /* HAVE_IPV6 */
			   )
		{
			if (check_same_host_or_net(&port->raddr, ipCmpSameHost) &&
				!gp_reject_internal_tcp_conn)
			{
				elog(DEBUG1, "received same host internal TCP connection");
				FakeClientAuthentication(port);
			}
			else
			{
				/* Security violation? */
				elog(LOG, "rejecting TCP connection to master using internal"
					 "connection protocol");
				return false;
			}
			return true;
		}
		else if (port->raddr.addr.ss_family == AF_UNIX)
		{
			/* 
			 * Internal connection via a domain socket -- use ident
			 */...

I'd enable this in production, as this seems to affect queries that run only on the master. But I'd also watch out for any impact on other queries you might have, specially if you run a lot of catalog operations (CREATE/ALTER TABLE).

Regards,

Douglas

--
You received this message because you are subscribed to the Google Groups "Greenplum Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gpdb-users+unsubscribe@greenplum.org.
To post to this group, send email to gpdb-...@greenplum.org.
Visit this group at https://groups.google.com/a/greenplum.org/group/gpdb-users/.
For more options, visit https://groups.google.com/a/greenplum.org/d/optout.

--

Visite: http://canseidesercowboy.wordpress.com/

Siga: @dougspadotto ou @excowboys

-----

Frodo: "I wish none of this had happened."

Gandalf: "So do all who live to see such times, but that is not for them to decide. All we have to decide is what to do with the time that is given to us."

-- Lord of the Rings: The Fellowship of the Ring (2001)

kawe jack

unread,

Mar 9, 2017, 9:29:19 PM3/9/17

to Greenplum Users, mintao...@gmail.com

thanks for your feedback Luis.

在 2017年3月9日星期四 UTC+8下午9:58:41，Luis Macedo写道：

Hummm... this parameter is not documented...

Can't find much code either...

Luis Macedo | Sr Platform Architect | Pivotal Inc
Mobile: +55 11 97616-6438
Pivotal.io
Take care of the customers and the rest takes care of itself

2017-03-09 9:00 GMT-03:00 kawe jack <mintao...@gmail.com>:

Hello,everyone:
i have encountered a bug of greenplum recently.When i execute a inspective query, the response is "ERROR: failed to acquire resources on one or more segments".Under the help of google,it seems that the key point is the parameter ——gp_reject_internal_tcp_connection.However,i can't find any detail information about this parameter.
The bug i encountered is similar to this(https://discuss.pivotal.io/hc/en-us/articles/220670047--Failed-to-acquire-resources-on-one-or-more-segments-error-message-seen-in-Pivotal-Greenplum).
Could anyone can tell more about this parameter?Shall we set this parameter off in the production environment?
Regards,
kawe

--
You received this message because you are subscribed to the Google Groups "Greenplum Users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to gpdb-users+...@greenplum.org.

kawe jack

unread,

Mar 9, 2017, 9:59:13 PM3/9/17

to Greenplum Users, mintao...@gmail.com

Hi Douglas,

Many thanks for your feedback.According to the source code ,It seems after setting parameter "gp_reject_internal_tcp_conn" false,there will be a light constraint on the connection between QE and QD .Is it better to set the parameter disabled ?

在 2017年3月9日星期四 UTC+8下午10:31:14，Douglas Spadotto写道：

To unsubscribe from this group and stop receiving emails from it, send an email to gpdb-users+...@greenplum.org.

To post to this group, send email to gpdb-...@greenplum.org.
Visit this group at https://groups.google.com/a/greenplum.org/group/gpdb-users/.
For more options, visit https://groups.google.com/a/greenplum.org/d/optout.

Douglas Spadotto

unread,

Mar 10, 2017, 6:22:56 AM3/10/17

to kawe jack, Greenplum Users

Hi Kawe,

Yes, the documentation hints that it's better to leave it disabled, as it adds some overhead (network connection to same host, the master) for master-only queries.

Regards,

Douglas

To unsubscribe from this group and stop receiving emails from it, send an email to gpdb-users+unsubscribe@greenplum.org.

To post to this group, send email to gpdb-...@greenplum.org.
Visit this group at https://groups.google.com/a/greenplum.org/group/gpdb-users/.
For more options, visit https://groups.google.com/a/greenplum.org/d/optout.

Reply all

Reply to author

Forward

the greenplum parameter "gp_reject_internal_tcp_connection"

kawe jack

Luis Macedo

Douglas Spadotto

kawe jack

kawe jack

Douglas Spadotto